Source: https://autodiscover.uk/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware |
Source: https://autodiscover.com.br/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware |
Source: https://autodiscover.es/auto | Avira URL Cloud: Label: malware |
Source: https://autodiscover.in/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware |
Source: https://autodiscover.it/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware |
Source: https://autodiscover.xyz/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware |
Source: https://autodiscover.xyz/autodiscover/autodis~ | Avira URL Cloud: Label: malware |
Source: https://autodiscover.com.cn/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware |
Source: https://autodiscover.es/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware |
Source: C:\Windows\Jammer2nd.exe | Avira: detection malicious, Label: WORM/Netsky.AY |
Source: C:\Windows\Jammer2nd.exe | ReversingLabs: Detection: 94% |
Source: .exe | Virustotal: Detection: 90% | Perma Link |
Source: .exe | ReversingLabs: Detection: 94% |
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.7% probability |
Source: C:\Windows\Jammer2nd.exe | Joe Sandbox ML: detected |
Source: .exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.11:49706 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.11:58015 version: TLS 1.2 |
Source: | Binary string: \??\c:\documents and settings\user\local settings\application data\application data\temp\symbols\winload_prod.pdb\01ab9056ea9380f71644c4339e3fa1ac2\*.**** source: .exe, 00000000.00000003.1981024986.0000000003A0C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WINLOA~1.PDBwinload_prod.pdb source: .exe, 00000000.00000003.2355121266.0000000003F58000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.1590767054.00000000039AB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\c:\documents and settings\user\appdata\local\temp\symbols\ntkrnlmp.pdb\*.* source: .exe, 00000000.00000003.1789277294.0000000000862000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WINLOA~1.PDBwinload_prod.pdb6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231 source: .exe, 00000000.00000003.2402117297.0000000003F88000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winload_prod.pdb\*.*.* source: .exe, 00000000.00000003.2347572071.0000000000862000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntkrnlmp.pdb source: .exe, 00000000.00000003.1590939619.00000000039AD000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\temp\symbols\winload_prod.pdb\01ab9056ea9380f71644c4339e3fa1ac2\*.** source: .exe, 00000000.00000003.1858328205.0000000003F60000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\ntkrnlmp.pdb\68a17faf3012b7846079aeecdbe0a5831\*.*l source: .exe, 00000000.00000003.1810373988.0000000000879000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: AppDatatsettntkrnlmp.pdb source: .exe, 00000000.00000003.2355121266.0000000003F58000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WINLOA~1.PDBwinload_prod.pdb23.6.20320.6 2023-10-05 13-08-01-292.logT source: .exe, 00000000.00000003.2355121266.0000000003F58000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\temp\symbols\ntkrnlmp.pdb\68a17faf3012b7846079aeecdbe0a5831\*.** source: .exe, 00000000.00000003.1858127889.0000000003991000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\temp\symbols\winload_prod.pdb\01ab9056ea9380f71644c4339e3fa1ac2\*.* source: .exe, 00000000.00000003.2030102285.0000000003A09000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.2029030956.0000000003A09000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\temp\symbols\ntkrnlmp.pdb\*.*t source: .exe, 00000000.00000003.2029303219.0000000000862000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\winload_prod.pdb\*.**.*3? source: .exe, 00000000.00000003.1810160432.00000000008EA000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\users\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\winload_prod.pdb\*.*)ynS source: .exe, 00000000.00000003.2355040605.000000000397D000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.2355896529.0000000003995000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\temp\symbols\winload_prod.pdb\01ab9056ea9380f71644c4339e3fa1ac2\*.*.*.*55vnt2kbkwuyqrkkmhfauv3tr8fudne3ac3syzjd source: .exe, 00000000.00000003.1858328205.0000000003F60000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: 4B56C4~1.LOGntkrnlmp.pdb4x source: .exe, 00000000.00000003.2355121266.0000000003F58000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\c:\users\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\winload_prod.pdb\*.*ation data\application data\application data\application data\application data\application data\application data\application data\packages\windows.printdialog_cw5n1h2txyewy\systemappdata\*.**.* source: .exe, 00000000.00000003.2354877312.0000000000891000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\temp\symbols\winload_prod.pdb\01ab9056ea9380f71644c4339e3fa1ac2\*.* source: .exe, 00000000.00000003.1707771730.000000000081B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\temp\symbols\winload_prod.pdb\*.**fn-U source: .exe, 00000000.00000003.2029303219.0000000000819000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\ntkrnlmp.pdb\*.*\*.* source: .exe, 00000000.00000003.1810160432.00000000008EA000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\winload_prod.pdb\01ab9056ea9380f71644c4339e3fa1ac2\*.* source: .exe, 00000000.00000003.1810373988.0000000000879000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\documents and settings\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\ntkrnlmp.pdb\*.**M source: .exe, 00000000.00000003.1558215120.0000000003985000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.1558840702.0000000003984000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.1558063076.0000000003984000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: c:\users\user\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\temp\symbols\ntkrnlmp.pdb\*.*datay source: .exe, 00000000.00000003.2355040605.000000000397D000.00000004.00000020.00020000.00000000.sdmp, .exe, 00000000.00000003.2355896529.0000000003995000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\c:\documents and settings\user\local settings\application data\application data\application data\application data\application data\application data\application data\temp\symbols\ntkrnlmp.pdb\68a17faf3012b7846079aeecdbe0a5831\*.**.*x' source: .exe, 00000000.00000003.1858328205.0000000003F60000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Windows\Jammer2nd.exe | Code function: 3_2_00402100 FindFirstFileA,CharLowerBuffA,FindNextFileA,FindClose, | 3_2_00402100 |
Source: C:\Users\user\Desktop\ .exe | File opened: c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\ | Jump to behavior |
Source: C:\Users\user\Desktop\ .exe | File opened: c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\search\data\applications\windows\config\ | Jump to behavior |
Source: C:\Users\user\Desktop\ .exe | File opened: c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\search\data\applications\windows\gatherlogs\ | Jump to behavior |
Source: C:\Users\user\Desktop\ .exe | File opened: c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\search\data\ | Jump to behavior |
Source: C:\Users\user\Desktop\ .exe | File opened: c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\search\data\applications\windows\ | Jump to behavior |
Source: C:\Users\user\Desktop\ .exe | File opened: c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\search\data\applications\ | Jump to behavior |
Source: unknown | DNS traffic detected: query: aaw.pl replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: lufka.zx replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: arb.cz replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: bryson.demon.co.uk replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: musical.com.br replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: x.com.pt replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: abcdefg.cz replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: netko.hr replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: x replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: contoso.mx replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: src.dec.com replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: somemail.ro replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: mx1-lw-eu.apache.org replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: orice.ro replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: z replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: fanfary.pq replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: worldwideoffices.ro replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: kywx.com.pt replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: xara.pl replaycode: Server failure (2) |
Source: unknown | DNS traffic detected: query: emaiserver.ro replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: 4x.png replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: 4.0.0 replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: oopp.pl replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: 3x.png replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: example.mx replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: marketing.firma.de replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: mx1-lw-us.apache.org replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: wewew.pl replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: contoso.com.pt replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: fafa.pk replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: quatro.br replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: abcdef.hr replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: 2x.png replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: riekk.pl replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: tvrtka.hr replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: xxv.pq replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: mx2-lw-eu.apache.org replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: search.mozilla.org replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: tek-astore.cz replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: bpp.gouv.fr replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: pirajui.br replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: griepp.pl replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: contoso.com.br replaycode: Not Implemented (4) |
Source: unknown | DNS traffic detected: query: marketing-bpp.fr replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: fajrant.qz replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: negdje.hr replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: ektro.cz replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: animo.br replaycode: Name error (3) |
Source: unknown | Network traffic detected: DNS query count 112 |
Source: global traffic | TCP traffic: 192.168.2.11:65458 -> 1.1.1.1:53 |
Source: global traffic | TCP traffic: 192.168.2.11:58013 -> 162.159.36.2:53 |
Source: global traffic | DNS traffic detected: number of DNS queries: 112 |
Source: Joe Sandbox View | IP Address: 212.19.106.223 212.19.106.223 |
Source: Joe Sandbox View | IP Address: 52.101.40.26 52.101.40.26 |
Source: Joe Sandbox View | IP Address: 52.101.40.2 52.101.40.2 |
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: global traffic | TCP traffic: 192.168.2.11:49705 -> 98.136.96.76:25 |
Source: global traffic | TCP traffic: 192.168.2.11:65460 -> 52.101.9.4:25 |
Source: global traffic | TCP traffic: 192.168.2.11:65461 -> 142.251.173.26:25 |
Source: global traffic | TCP traffic: 192.168.2.11:65468 -> 52.101.40.26:25 |
Source: global traffic | TCP traffic: 192.168.2.11:65470 -> 74.125.206.26:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58016 -> 52.101.40.25:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58028 -> 161.35.84.83:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58029 -> 52.101.40.2:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58031 -> 52.101.42.0:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58033 -> 64.147.108.52:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58036 -> 51.81.61.70:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58037 -> 185.183.28.235:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58038 -> 131.111.8.146:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58039 -> 64.29.151.236:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58045 -> 52.101.194.19:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58047 -> 52.101.68.21:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58048 -> 52.101.11.6:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58050 -> 67.195.228.86:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58056 -> 52.42.85.34:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58060 -> 52.101.11.2:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58063 -> 52.101.8.49:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58070 -> 131.107.88.24:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58077 -> 165.227.159.144:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58079 -> 173.228.157.40:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58081 -> 52.101.68.0:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58084 -> 131.107.55.31:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58085 -> 52.101.42.18:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58087 -> 96.47.154.206:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58093 -> 52.101.42.8:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58096 -> 195.29.173.138:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58098 -> 178.218.165.214:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58101 -> 52.101.40.1:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58103 -> 52.101.10.19:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58106 -> 52.101.11.3:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58107 -> 212.19.106.223:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58108 -> 176.223.123.126:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58111 -> 67.195.228.84:25 |
Source: global traffic | TCP traffic: 192.168.2.11:58112 -> 85.187.148.2:25 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.3 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.3 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.3 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.42 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.3 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: C:\Windows\Jammer2nd.exe | Code function: 3_2_00402CD3 socket,htons,bind,closesocket,listen,closesocket,recv,_hwrite,accept,wsprintfA,_lopen,recv,_hwrite,WinExec,_lclose,closesocket,Sleep, | 3_2_00402CD3 |
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bRfCBRyUv3R6c+O&MD=rTkBuXWm HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bRfCBRyUv3R6c+O&MD=rTkBuXWm HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: .exe, 00000000.00000003.2125580675.0000000003F51000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: is._mediaelement.setattribute("playsinline",""),this._mediaelement.setattribute("crossorigin",""),this._mediaelement.autoplay=!0,this._mediaelement.controls=!0,c.ismobileos()&&(this._mediaelement.muted=!0),this._mediaelement.preload="none",this._mediaelement.style.width="100%";for(var e=0,t=this.owner.sources;e<t.length;e++){var n=t[e].render();c.appendchild(this._mediaelement,n)}for(var i=0,r=this.owner.captionsources;i<r.length;i++){var o=r[i];if("vtt"==o.mimetype){var a=o.render();c.appendchild(this._mediaelement,a)}}return this._mediaelement},t.prototype.play=function(){this._mediaelement&&this._mediaelement.play()},object.defineproperty(t.prototype,"selectedmediatype",{get:function(){return this._selectedmediatype},enumerable:!1,configurable:!0}),t.supportedmediatypes=["audio","video"],t}(z);t.html5mediaplayer=n;var r=function(e){function t(t){return e.call(this)||this}return i(t,e),t}(z);t.custommediaplayer=r;var f=function(e){function t(t,n){var i=e.call(this,t)||this;return i.iframetitle=n,t.length>=2&&(i._videoid=t[1]),i}return i(t,e),t.prototype.canplay=function(){return void 0!==this._videoid},t.prototype.render=function(){var e=document.createelement("div");e.style.position="relative",e.style.width="100%",e.style.height="0",e.style.paddingbottom="56.25%";var t=document.createelement("iframe");return t.style.position="absolute",t.style.top="0",t.style.left="0",t.style.width="100%",t.style.height="100%",t.src=this.getembedvideourl(),t.frameborder="0",this.iframetitle&&(t.title=this.iframetitle),t.allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture",t.allowfullscreen=!0,e.appendchild(t),e},object.defineproperty(t.prototype,"videoid",{get:function(){return this._videoid},enumerable:!1,configurable:!0}),t}(r);t.iframemediamediaplayer=f;var b=function(e){function t(){return 
null!==e&&e.apply(this,arguments)||this}return i(t,e),t.prototype.fetchvideodetails=function(){return o(this,void 0,void 0,(function(){var e,t,n;return a(this,(function(i){switch(i.label){case 0:return e="https://vimeo.com/api/oembed.json?url=".concat(this.getembedvideourl()),[4,fetch(e)];case 1:return(t=i.sent()).ok?[4,t.json()]:[3,3];case 2:n=i.sent(),this.posterurl=n.thumbnail_url,i.label=3;case 3:return[2]}}))}))},t.prototype.getembedvideourl=function(){return"https://player.vimeo.com/video/".concat(this.videoid,"?autoplay=1")},t}(f);t.vimeoplayer=b;var h=function(e){function t(){return null!==e&&e.apply |